Re: [users@httpd] mod_ssl: http to https ErrorDocument redirect stops working when only TLSv1.2 specified

Otis Dewitt - NOAA Affiliate Thu, 24 Jun 2021 08:54:24 -0700

You may be having certificate issues. Try testing the certificates first.

# Your first error message is:   AH02008: SSL library error 1 in handshake


# Run This
openssl verify  /etc/certs/localhost/host.crt

# If you get This
error 20 at 0 depth lookup:unable to get local issuer certificate

# Then Run this with your CA file
openssl verify -CAfile /etc/certs/CA/locate CAfile
/etc/certs/localhost/host.crt

# Any error here should help you resolve the issue.

On Thu, Jun 24, 2021 at 4:22 AM Pavel Heimlich, a.k.a. hajma <
tropikha...@gmail.com> wrote:

> With the
> SSLProtocol -ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
> line in config:
>
> [Thu Jun 24 07:59:41.488363 2021] [ssl:info] [pid 2213:tid 1] AH01883:
> Init: Initialized OpenSSL library
> [Thu Jun 24 07:59:41.488427 2021] [ssl:warn] [pid 2213:tid 1] AH01873:
> Init: Session Cache is not configured [hint: SSLSessionCache]
> [Thu Jun 24 07:59:41.488443 2021] [ssl:info] [pid 2213:tid 1] AH01887:
> Init: Initializing (virtual) servers for SSL
> [Thu Jun 24 07:59:41.488456 2021] [ssl:info] [pid 2213:tid 1] AH01914:
> Configuring server 127.0.0.1:443 for SSL protocol
> [Thu Jun 24 07:59:41.488779 2021] [ssl:debug] [pid 2213:tid 1]
> ssl_engine_init.c(2097): AH02209: CA certificate: CN=solaris,O=Host Root CA
> [Thu Jun 24 07:59:41.488961 2021] [ssl:debug] [pid 2213:tid 1]
> ssl_engine_init.c(1142): AH01904: Configuring server certificate chain (1
> CA certificate)
> [Thu Jun 24 07:59:41.488980 2021] [ssl:debug] [pid 2213:tid 1]
> ssl_engine_init.c(500): AH01893: Configuring TLS extension handling
> [Thu Jun 24 07:59:41.489222 2021] [ssl:debug] [pid 2213:tid 1]
> ssl_util_ssl.c(451): AH02412: [127.0.0.1:443] Cert does not match for
> name '127.0.0.1' [subject: CN=ST098 / issuer: CN=solaris,O=Host Root CA /
> serial: 4A755690944C / notbefore: Jun  9 14:26:00 2021 GMT / notafter: Jun
>  9 14:26:00 2022 GMT]
> [Thu Jun 24 07:59:41.489250 2021] [ssl:warn] [pid 2213:tid 1] AH01909:
> 127.0.0.1:443:0 server certificate does NOT include an ID which matches
> the server name
> [Thu Jun 24 07:59:41.489263 2021] [ssl:info] [pid 2213:tid 1] AH02568:
> Certificate and private key 127.0.0.1:443:0 configured from
> /etc/certs/localhost/host.crt and /etc/certs/localhost/host.key
> [Thu Jun 24 07:59:41.489416 2021] [ssl:info] [pid 2213:tid 1] AH01876:
> mod_ssl/2.4.47 compiled against Server: Apache/2.4.47, Library:
> OpenSSL/1.0.2y
> [Thu Jun 24 07:59:41.489752 2021] [mpm_event:notice] [pid 2213:tid 1]
> AH00489: Apache/2.4.47 (Unix) OpenSSL/1.0.2y-fips configured -- resuming
> normal operations
> [Thu Jun 24 07:59:41.489773 2021] [mpm_event:info] [pid 2213:tid 1]
> AH00490: Server built: May 21 2021 14:00:57
> [Thu Jun 24 07:59:41.489786 2021] [core:notice] [pid 2213:tid 1] AH00094:
> Command line: '/usr/apache2/2.4/bin/httpd'
> [Thu Jun 24 07:59:41.489804 2021] [core:debug] [pid 2213:tid 1]
> log.c(1570): AH02639: Using SO_REUSEPORT: no (1)
> [Thu Jun 24 07:59:42.493418 2021] [mpm_event:debug] [pid 2752:tid 2]
> event.c(2298): AH02471: start_threads: Using port (wakeable)
> [Thu Jun 24 07:59:42.497865 2021] [mpm_event:debug] [pid 2753:tid 2]
> event.c(2298): AH02471: start_threads: Using port (wakeable)
> [Thu Jun 24 07:59:42.565017 2021] [mpm_event:debug] [pid 2754:tid 2]
> event.c(2298): AH02471: start_threads: Using port (wakeable)
> Note ^ Now the server is fully started
> Note v Starting the client
> [Thu Jun 24 08:00:39.187556 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60576] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.188524 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60576] AH02008: SSL library error 1 in handshake (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.188666 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:39.188694 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60576] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.306587 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60578] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.306887 2021] [ssl:info] [pid 2754:tid 27]
> (-1385897552)Unknown error: [client 10.175.18.160:60578] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.307024 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:39.307044 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60578] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.438365 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60580] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.438634 2021] [ssl:info] [pid 2754:tid 27]
> (-1385897552)Unknown error: [client 10.175.18.160:60580] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.438686 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:39.438705 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60580] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.559198 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60582] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.559407 2021] [ssl:info] [pid 2754:tid 27]
> (-1385897552)Unknown error: [client 10.175.18.160:60582] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.559448 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:39.559466 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60582] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.687589 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60584] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.687913 2021] [ssl:info] [pid 2754:tid 27]
> (-1385897552)Unknown error: [client 10.175.18.160:60584] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.687974 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:39.688008 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60584] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.815258 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60586] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.815532 2021] [ssl:info] [pid 2754:tid 27]
> (-1385897552)Unknown error: [client 10.175.18.160:60586] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.815585 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:39.815603 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60586] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.945447 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60588] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:39.945650 2021] [ssl:info] [pid 2754:tid 27]
> (-1385897552)Unknown error: [client 10.175.18.160:60588] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:39.945692 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:39.945710 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60588] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:40.075017 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60590] AH01964: Connection to child 152 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:40.075213 2021] [ssl:info] [pid 2754:tid 27]
> (-1385897552)Unknown error: [client 10.175.18.160:60590] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:40.075295 2021] [ssl:info] [pid 2754:tid 27] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:40.075342 2021] [ssl:info] [pid 2754:tid 27] [client
> 10.175.18.160:60590] AH01998: Connection closed to child 152 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:40.203748 2021] [ssl:info] [pid 2754:tid 26] [client
> 10.175.18.160:60592] AH01964: Connection to child 151 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:40.203997 2021] [ssl:info] [pid 2754:tid 26]
> (-1385897552)Unknown error: [client 10.175.18.160:60592] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:40.204064 2021] [ssl:info] [pid 2754:tid 26] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:40.204101 2021] [ssl:info] [pid 2754:tid 26] [client
> 10.175.18.160:60592] AH01998: Connection closed to child 151 with
> abortive shutdown (server 127.0.0.1:443)
> [Thu Jun 24 08:00:40.331214 2021] [ssl:info] [pid 2754:tid 26] [client
> 10.175.18.160:60594] AH01964: Connection to child 151 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:00:40.331513 2021] [ssl:info] [pid 2754:tid 26]
> (-1385897552)Unknown error: [client 10.175.18.160:60594] AH02008: SSL
> library error 1 in handshake (server 127.0.0.1:443)
> [Thu Jun 24 08:00:40.331555 2021] [ssl:info] [pid 2754:tid 26] SSL Library
> Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> [Thu Jun 24 08:00:40.331573 2021] [ssl:info] [pid 2754:tid 26] [client
> 10.175.18.160:60594] AH01998: Connection closed to child 151 with
> abortive shutdown (server 127.0.0.1:443)
>
> With
> SSLProtocol TLSv1.1 +TLSv1.2
> in config:
> (The startup part is identical, skipping that)
> [Thu Jun 24 08:07:11.248472 2021] [ssl:info] [pid 2773:tid 27] [client
> 10.175.18.160:60708] AH01964: Connection to child 344 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:07:11.249320 2021] [ssl:info] [pid 2773:tid 27] [client
> 10.175.18.160:60708] AH01996: SSL handshake failed: HTTP spoken on HTTPS
> port; trying to send HTML error page
> [Thu Jun 24 08:07:11.249464 2021] [ssl:info] [pid 2773:tid 27] SSL Library
> Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request --
> speaking HTTP to HTTPS port!?
> [Thu Jun 24 08:07:11.382584 2021] [ssl:info] [pid 2773:tid 27] [client
> 10.175.18.160:60710] AH01964: Connection to child 344 established (server
> 127.0.0.1:443)
> [Thu Jun 24 08:07:11.390393 2021] [ssl:debug] [pid 2773:tid 27]
> ssl_engine_kernel.c(2389): [client 10.175.18.160:60710] AH02044: No
> matching SSL virtual host for servername myserver found (using
> default/first virtual host)
> [Thu Jun 24 08:07:11.390553 2021] [core:debug] [pid 2773:tid 27]
> protocol.c(2346): [client 10.175.18.160:60710] AH03155: select protocol
> from , choices=h2,http/1.1 for server 127.0.0.1
> [Thu Jun 24 08:07:11.472125 2021] [ssl:debug] [pid 2773:tid 27]
> ssl_engine_kernel.c(2252): [client 10.175.18.160:60710] AH02041:
> Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> [Thu Jun 24 08:07:11.478503 2021] [ssl:debug] [pid 2773:tid 27]
> ssl_engine_kernel.c(415): [client 10.175.18.160:60710] AH02034: Initial
> (No.1) HTTPS request received for child 344 (server 127.0.0.1:443)
> [Thu Jun 24 08:07:11.478634 2021] [authz_core:debug] [pid 2773:tid 27]
> mod_authz_core.c(815): [client 10.175.18.160:60710] AH01626:
> authorization result of Require all granted: granted
> [Thu Jun 24 08:07:11.478654 2021] [authz_core:debug] [pid 2773:tid 27]
> mod_authz_core.c(815): [client 10.175.18.160:60710] AH01626:
> authorization result of <RequireAny>: granted
> [Thu Jun 24 08:07:11.478675 2021] [core:info] [pid 2773:tid 27] [client
> 10.175.18.160:60710] AH00129: Attempt to serve directory:
> /var/apache2/2.4/htdocs/
>
>
>
> čt 24. 6. 2021 v 3:46 odesílatel Otis Dewitt - NOAA Affiliate
> <otis.dew...@noaa.gov.invalid> napsal:
>
>> What does the /var/log/httpd/error_log say?  Paste that.
>>
>>

Re: [users@httpd] mod_ssl: http to https ErrorDocument redirect stops working when only TLSv1.2 specified

Reply via email to